Homebrew (V*) HAX

PF2M

TFW your game gets taken off the eShop because someone on GBATemp found an exploit in it.
 

nl255

> It's kinda sad how they had to take down VVVVVV just because of a secondary homebrew exploit, something that isn't even useful to us anymore unless you're having trouble using Smashhax to downgrade and need a secondary exploit too. VVVVVV is actually a really good game, one of the first I bought when I got my O3DS. And now, nobody will be able to experience it until they fix the glitch. :/

Well it is still available for download using DTK/FunKeyCia. Not to mention the usual sources.
 

hacksn5s4

Well, games made by small devs are more likely to have exploits in them. If a kid made a game and it was good enough for the eShop, it would still probably have bugs in it. V6 is not made by a kid, but the dev seems to be a small indie dev.

Anyways, what if the maker of VVVVVV does not know how to patch exploits? His game will not be on the eShop anymore. I mean, it's kinda a bug, but you need to know how it works to fix it, and the maker of VVVVVV did not make the exploit.
 

ongo_gablogian

It took the Ironfall team a little more than three months from the day the exploit was announced to get the patched game re-uploaded to the eShop. Also, according to ShinyQuagsire it's a pretty easy fix so we'll most likely see this back up on the eShop at some point.

I'm wondering if Nintendo intends to release a fix for VVVVVV which would require you to update the game before it can be played like they did with Ironfall.

Either way Ocarina of Time is still on the eShop and is only $20 (in the US), so that'll always be an option for people looking for this type of exploit.
 

shinyquagsire23

> Maybe ShinyQuag should write a letter to Terry detailing how to patch the exploit so it can be readded to the shop (or maybe not, as they haven't taken it from the Eur eShop yet)
The writeup should be enough for Terry to know what to fix, I don't plan on exploiting VVVVVV twice (that'd just be mean at this point). Basically just add size-checking arguments to the XML parsing, easy as that.
 
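The fix described in the post above ("add size-checking arguments to the XML parsing"), as an added example that is not part of the original thread and is not VVVVVV's code: a C parser that reads a comma-separated integer list from a save-file XML element into a fixed-size array and rejects input that exceeds the array's capacity. The function name, the element format and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: parse element text such as "1,0,3" into out[0..cap-1].
 * Returns the number of values stored, or -1 if the text is malformed or
 * holds more than `cap` values. Leaving out the `cap` check is the bug class
 * the post refers to: a long list in the save file would then be written
 * past the end of the fixed-size destination array. */
int parse_int_list(const char *text, int *out, size_t cap)
{
    size_t n = 0;

    if (text == NULL || out == NULL || cap > (size_t)INT_MAX)
        return -1;

    while (*text != '\0') {
        char *end;
        long v;

        if (n >= cap)                 /* size check: reject, never write out[cap] */
            return -1;

        errno = 0;
        v = strtol(text, &end, 10);
        if (end == text)              /* no digits where a number is required */
            return -1;
        if (errno == ERANGE || v < INT_MIN || v > INT_MAX)
            return -1;                /* value does not fit in an int */
        out[n++] = (int)v;

        if (*end == ',')
            text = end + 1;           /* move past the separator */
        else if (*end == '\0')
            text = end;               /* end of element text */
        else
            return -1;                /* unexpected character after a number */
    }
    return (int)n;
}

int main(void)
{
    int flags[4];                     /* constructed sample: a 4-entry table */
    printf("%d\n", parse_int_list("1,0,3", flags, 4));
    printf("%d\n", parse_int_list("1,2,3,4,5", flags, 4));
    return 0;
}
```

Rejecting an oversized list outright, rather than silently truncating it, lets the caller treat the save file as corrupt and fall back to new save data.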

Quantumcat

Ah OK cool, I hope he does fix it then, V6 is such a great game, shame for people to miss out on it! It would be interesting if all the publicity made people hear about it and then buy it after the patch (I've never seen the game advertised before, I only heard about it from friends). And then Terry deliberately puts vulnerabilities in his future games hoping for the same effect :-p
 

RupeeClock

I've been pondering if the 3DS system's own Save-Data Backup/Restore functionality could possibly be used to install an exploited gamesave.

Using two 3DS systems that both have VVVVVV installed, I tried this:
  1. Install V*Hax on primary system
  2. Backup VVVVVV's game save from primary system using Save-Data Backup
  3. Copy .sav file from primary system's SD card, located in sdmc:\Nintendo 3DS\(ID)\(ID)\backup\000\titleID\00000001.sav
    1. Note that 000 may be 001, 002, corresponding to the Save-Data backup slot used. You get up to 30 slots.
    2. For VVVVVV, the titleID is 0004000000096100
  4. Backup VVVVVV's game save from secondary system using Save-Data Backup
  5. On the secondary system's SD card, replace the .sav file located in the same Nintendo 3DS backup folder, with the exploited .sav from the primary system
  6. On the secondary system, open the System Settings, under Data Management perform a save data restore for VVVVVV
I did this and it said the save data was successfully restored, however upon loading VVVVVV on the secondary system, this just created new save data.
Chances are, the Save-Data Backup process is encrypting the save to only be restorable to the system that backed it up.
So in other words it didn't work, I couldn't back up an exploited save from one system, and restore it to another system.

This makes me wonder if you couldn't install the exploit another way.

What if you could perform the Save-Data Backup on the system to be exploited, retrieve the .sav file, decrypt it using a PC tool or at least a second homebrew enabled 3DS. Then modify the decrypted save with the exploit, re-encrypt the save file and put it in the backup folder.
Perform a Save-Data restore, and hopefully install the exploit that way.

What do you think, is there a chance this could work?
It would mean V*Hax could turn from a secondary exploit to a primary if you can manage this with just a PC.
 

zoogie

You need arm9 access to get the per console sd key (movable.sed). If you actually have that kind of access, primary/secondary entrypoints are of little concern.
 

RupeeClock

Good point then, I had to figure there was a reason save-injection for eShop titles like this had to be done on the 3DS system itself.

Man, if a flaw was discovered in the system's Save-Data backup functionality though, it would make homebrew exploits much easier and cheaper.
 